All your points on Intellectual Property are valid. Hence, I opted not to attack your argument from that perspective. I am also not in the anit-IP crowd. I think to get the carrier firmly up, we need to establish more facts. It appears that incorrect assumptions lie at the heart of the differences in our views.
Mike never had the IOS source code. Cisco never gave it to him; he was not under NDA to have it. He did not violate any of their rights to protect their source code. Mike did his research by disassembling the publicly available IOS images. This was a case of reverse engineering. If anything, Mike's legal liability lied in exposing trade secrets, but not due to any access to (Cisco) proprietary information. Both you and I could easily have access in a "virgin" manor to what Mike based his research on. I assume that both Cisco and ISS (and their respective legal teams) did not feel they were standing on firm enough ground to go after Mike based on this tactic. The dogs smelled blood and were barking, but they were kept on the leash. The reason certainly wasn't a feeling of mercy on the part of Cisco.
Once we get here, we come full circle again. And its a big circle. The ends meet at places like the old DeCSS situation. If you own the chattel (odd context to use that term, I know), do you have the right to take it apart and figure out how it works? Can you share that information? If the law is vague, where do ethics supplement the pre-legal argument? If this situation winds up being framed in that light, its the DMCA we have to look to. If you want a laugh, think about if coming up with an exploit qualifies as "necessary to achieve interoperability of an independently created computer program."
I also do firmly believe that Mike's statements are grounded in fact when it comes to matters like "China has this." The big picture could best be described as "huge" if you acknowledge that. Thinking about the problem honestly feels like wargaming to me.
The general option of the hacker (read: security, not criminal) community is that Cisco has a broken security culture. They need a wake-up call like this to bring positive change to it. I think they will be successful with it in the long term too. I'm also not a member of the "all corps are dumb" crowd. At worst, I prefer to think of them (us?) as "slow". ISS on the other hand, I don't have such kind words for. Please take a look at this post on my blog which contains a link to and some excerpts from Mike's interview with Wired.
That made me outright angry. It also raised some serious questions, which I am not going to put forth in a public forum. Bonus points if you can figure them out...
